Using Model Update in applications

Overview

With the introduction of on-device machine learning (ML) models such as CoreML and TensorFlow Lite, mobile apps can now perform ML operations such as image recognition, speech to text etc., on the device even when the device is offline. An important characteristic of a machine learning model is that they continuously evolve. Updating these models with their newer versions, on a device, becomes extremely critical to the success of a mobile app.

To assist with this requirement, IBM Mobile Foundation introduces the Model Update feature. Mobile Foundation applications can now embed ML models, which can be updated “over-the-air” with newer versions. Organizations are thus able to ensure that end-users always use the updated AI models.

Compress the latest model(s) into a zip format, in order to send the model version to an application. This .zip needs to be uploaded under the Machine Learning tab of the MobileFirst Operations console. Model Update is then activated whenever the application invokes downloadModelUpdate API.

Supported platforms: Currently, Model Update is supported only for iOS.

Jump to:

How Model Update works

The models are initially packaged with the application to ensure first offline availability. Later, the application checks for updates with the MobileFirst Server whenever the downloadModelUpdate API is invoked.

After a Model Update, downloadModelUpdate API returns the location of the downloaded model and this location gets updated whenever an update is performed.

Versioning

A Model Update applies only to a specific application version. In other words, updates generated for an application versioned 2.0 cannot be applied to a different version of the same application.

Creating and deploying model packages

When a newer or updated version of the model is available, follow the steps below to upload the model file to the MobileFirst Server.

Steps:

Create an .zip archive of one or more machine learning model files (e.g. .mlmodel ).

Open the MobileFirst Operations Console and click the application entry in the left panel.

Invoking an update

iOS

Note: This API shouldn’t be invoked simultaneously with ObtainAccessToken or WLResourceRequest API.

Typically, application developers should call this API during the startup of the application.

The downloadModelUpdate API returns one of the following status codes and a link to the downloaded package, if the download is successful, or the path to the previously downloaded package is returned.

The final status will be one of the following codes:

Status code

Description

SUCCESS

Model update finished with no errors.

CANCELED

Model update was canceled.

FAILURE_NETWORK_PROBLEM

There was a problem with a network connection during the update.

FAILURE_DOWNLOADING

The file was not downloaded completely.

FAILURE_NOT_ENOUGH_SPACE

There is not enough space on the device to download and unpack the update file.

FAILURE_UNZIPPING

There was a problem unpacking the update file.

FAILURE_ALREADY_IN_PROGRESS

An update was requested when one was already in progress.

FAILURE_INTEGRITY

Authenticity of update file cannot be verified.

FAILURE_UNKNOWN

Unexpected internal error.

Secure Model Update

Disabled by default, Secure Model Update prevents a third-party attacker from altering the models that are transferred from the MobileFirst Server (or from a Content Delivery Network (CDN)) to the client application.

To enable Model Update authenticity

Using a preferred tool, extract the public key from the MobileFirst Server keystore and convert it to base64.
The produced value should then be used as below:

In the client application, open the mobilefirst configuration file (i.e mfpclient.plist for iOS and mfpclient.properties for Android).

Add the new key value called wlSecureModelUpdatePublicKey.

Provide the public key for the corresponding key value and save.

Any future Model Update deliveries to client applications will be protected by Model Update authenticity.

Model Update in development, testing, and production

For development and testing purposes, developers typically use Model Update by simply uploading an archive to the development server. While this process is easy to implement, it is not very secure as models can be tampered either during transit or after being downloaded on the device.

For the production or even pre-production testing phase, it is strongly recommended to implement secure Model Update before you publish your application to the app store. Secure Model Update requires an RSA key pair that is extracted from a CA signed server certificate.

Note: Take care that you do not modify the keystore configuration after the application was published, updates that are downloaded can no longer be authenticated without reconfiguring the application with a new public key and republishing the application. Without performing these steps, Model Update fails on the client.